Wednesday, July 30, 2008

ACFE 2008 Report to the Nation

I just found the link to the Association of Certified Fraud Examiners 2008 Report to the Nation on Occupational Fraud and Abuse (discussed in this post). 68 pages of excellent information. If you are a business owner, you can not afford to not read this.

The Current Ratio: An Additional Thought

This is an add on to my last post.

Pretend you are a company that has a current ratio covenant and you expect to be out of compliance. You are going to try and bring yourself into compliance by using some of the cash you have on hand to pay off current debt.

Result: You bring yourself into compliance with your current ratio covenant. And you've decreased your cash at the same time. That doesn't make me feel better.

On the other hand, say you attack this by trying to accelerate collections on outstanding receivables. Done right, that can be a good thing. Done wrong, and it can be a nightmare. If you attack it by reducing inventories, that means (hopefully) that you are going to sell it. Which means more receivables.

Really, the only quick way to attack it is to use up cash. And your working capital is unchanged. Why is this better??

Friday, July 25, 2008

Why The Importance of the Current Ratio?

The first ratio an accounting student learns is the current ratio. You calculate the current ratio by dividing total current assets (generally cash, short-term investments, receivables, inventories, and prepaid expenses) by total current liabilities (generally short-term debt, accounts payable, accrued liabilities and taxes). For example, if you have $300,000 of current assets, and $150,000 of current liabilities, you have a current ratio of ($300,000 / $150,000) 2:1. In other words, there are $2 of current assets available to retire each $1 of current liabilities.

In fact, 2:1 is generally considered a good sign; that's what they teach you in the textbooks as well.

The writers of many bank loan agreements have also drunk the current ratio Kool-Aid. Not all loan agreements have financial covenants in them, but we do see them quite often. Quite often you will see one requiring the borrower to maintain a current ratio of at least 2:1.

The problem is that this ratio is easily manipulated.

Say it is December 15, and Acme Company is approaching its December 31 year-end. It has a loan agreement that requires it to maintain a current ratio of 2:1. Uh oh - Acme has current assets of $250,000 and current liabilities of $150,000. Its current ratio is currently (pun kind of intended) 1.67:1. If it maintains that ratio through the end of the year, it will violate its covenant with the bank, which at its worst could result in a default on the loan, and the bank wants to repaid right away.

So what can Acme do about this? Pay off $50,000 of current liabilities. It now has $200,000 of current assets (they used cash after all) and $100,000 of current liabilities. Its current ratio becomes 2:1.

Even better - pay off $75,000 of current liabilities. Now the current ratio becomes 2.33:1. Or pay off $100,000 of current liabilities to get a current ratio of 3:1.

This is just nonsense. Working capital (current assets less current liabilities) in all cases is $100,000. All Acme has done is game the system a little (presuming of course it has sufficient cash) to be in compliance.

Wouldn't just focusing on working capital make more sense? That requires the company to focus in improving its revenues and reduce its costs. And wouldn't that make the bank feel more secure?

Whither the PCAOB? And with it, SOX?

The CFO of one of the companies I work with sent me a very interesting article published by UBS and dated June 5, 2008:

Issue Alert - Sarabnes-Oxley Act (SOX) Will Fall - Federal Appellate Court Action Expected Soon.

There is litigation in the US Court of Appeals for the District of Columbia Circuit styled Free Enterprise Fund, et al. v. PCAOB. SOX states that the Public Company Accounting Board (PCAOB) is a private-sector entity, not a governmental body. The litigation challenges the constitutionality itself of the PCAOB. If the Appeals Court finds for the plaintiff, the PCAOB will be put out of business. Even more importantly, SOX in its entirety will fall because there is no severability clause preserving portion of the Act that are not deemed unconstitutional.

The writer of the UBS alert expects the Appeals Court to find for the plaintiff. That would undoubtedly result in an appeal to the US Supreme Court. The writer expects the Supreme Court would hear the case and rule by June 2009.

Let's say the UBS alert writer is correct - the PCAOB is found unconstitutional, and then with it goes all of SOX. What would happen next? In all likelihood, Congress would come up with some kind of a replacement, and quickly. Congress is expected to stay in Democratic hands, and it is unlikely in the current economic condition that would come up with something even more difficult to deal with than what we have. More likely - they would likely ease up on some of the more onerous parts of SOX as it is today.

Let's remember that SOX was a reaction to the spectacular frauds of the first part of this decade (if anyone knows what this decade is called please let me know) - Enron and Worldcom especially. And Congress was in Republican control at the time; there is an irony to all that. Many years later, we are not going to see all of this go away, but we might find ourselves with something that is easier to live with.

Thursday, July 24, 2008

The "New" Auditing Standards

As I think I've written on before, we auditors got to implement many new auditing standards over the last two years. In a nutshell, we have to focus even more on risks than before.

It's been almost a year now since I went for training on these standards, and I've done many audits under the new standards. I also discuss them with colleagues at other firms from time to time. This is what I think about them:
  1. Overall, the intention behind them is good.
  2. Practically speaking, it can be overkill on very small companies. I have a franchisor client who as of the most recent financial statement had sold 2 franchises. She issues maybe 5 checks a month, and makes maybe 3, at the most, deposits a month. I can examine/audit every transaction in less than an hour. Yet I am supposed to, amongst other things, have a detailed discussion on fraud risks with her (ok that was SAS 99 which is more than 2 years old), examine all of her systems and controls (it's just her - she doesn't have or need any), link financial statement assertions to various risks and more. It is just overkill.
  3. It can be very confusing.

At the end of the day, my concern is whether the financial statements are fairly presented in accordance with generally accepted accounting principles. I, as an auditor, need some leeway in determining how I get to that opinion. I'm hoping the Auditing Standards Board realizes this sometime soon.

Thursday, July 17, 2008

Writing a "Management Letter"

One of the requirements when performing an audit of an entity's financial statements is to write what is commonly called a "management letter." Technically, it is more the required communications of significant deficiencies and material weaknesses in an entity's system of internal controls as required by SAS No. 112.

You have to approach these letters very individually. Some entity's frankly don't care all that much. They are going to do things they way they are going to do things and that is all there is to it. Other's may be very small and there is a statutory reason for the audit, like a small franchisor. There isn't much of a point to say go for greater segregation of duties when the entity consists of one person.

I just completed a first draft on a management letter. I was discussing aspects of it this morning with the controller, and I told him that their letter is always the most fun for me to write. That is because they actually are very interested in it. This entity has a strong commitment to ethical behaviour and is always looking for ways to improve. Right now, they are in the midst of putting together a disaster recovery plan (something I had mentioned a couple of years ago). I said that their letter is the most fun to write because I can explore different areas of suggestions, like coming up with a succession plan, that many other companies would just ignore.

I don't know the reception yet on the draft I will submit after lunch, but it is bound to be interesting.

Thursday, July 10, 2008

New Document - Managing the Business Risk of Fraud

The Association of Certified Fraud Examiners (yours truly is a proud member) has a new document you can download on its website: Managing the Business Risk of Fraud: A Practical Guide. The guide is a good overview of what every business, small and large, should consider doing to reduce the risk of fraud occurring.
The guide is 80 pages long, and for me at least there wasn't a tremendous amount new in the main part of the document. However, several of the appendixes are very good and potentially very useful to the small businesses I usually work with:
  • Appendix C: Sample Fraud Policy - This appendix is about 4 pages long and can be used as the starting point for a business fraud policy.
  • Appendix D: Fraud Risk Assessment Framework Example - the example focuses on potential revenue recognition risks for a business. What I like about it is you often read that you should do something like this, but finding a good example of one is hard to find.
  • Appendix E: Fraud Risk Exposures - the material notes it is a sample from an anonymous entity and isn't necessarily complete. It is though a solid listing of potential fraud risks.
  • Appendix F: Fraud Prevention Scorecard and Appendix G: Fraud Detection Scorecard - concise tests a business can take to see how they are doing on prevention and detection.

80 pages is a lot of material. If you are serious about reducing your fraud risks, this is a good place to start.

Thursday, July 3, 2008

The Fraud Triangle - Is it Now the Fraud Diamond?

I just read a very interesting article by Peter Goldmann on the Associate of Certified Fraud Examiner's website.
One of the first things a fraud examiner learns is the Fraud Triangle. Essentially, it says that in order for occupational fraud to occur, 3 factors are generally present:
  1. Pressure - the fraudster has a financial need or pressure, generally in the form of a perceived nonsharable financial need;
  2. Opportunity - there is a perceived opportunity in the organization to commit the fraud; and
  3. Rationalization - the fraudster is able to rationalize their actions.

Generally speaking, most employees are honest. But the new ACFE Report to the Nation reveals that nearly 88 percent of employee fraudster who get caught have no criminal record.

Goldmann makes the case that the triangle of causes may become a diamond - the fourth corner being the "widespread sense of alienation and disenfranchisement, driven largely by the 'layoff culture'...and further fueled by the accelerated disappearance of health care, pension and other benefits...foreign outsourcing of both hourly and salaried jobs...and increasing stressful workloads."

That is frightening.

Goldmann states that historically, employees who survive a mass layoff (defined as more than 50 employees in an individual private-sector employer) generally took it well. They felt bad for their former coworkers, but felt that management was doing what it needed to do to protect the business. However, in the last 10 years or so, researchers are now seeing a change of heart in the surviving employees. There is now a heightened fear that themselves are disposable. When that happens, they lose "all sense of camaraderie and 'belonging' to the community and instead start to focus on 'looking out for number one.' "

Fortunately, not all employees are going to have this reaction to the effects of a culture of layoffs. But to again quote Goldmann, "why risk alienating workers and encouraging them to steal from us if we don't have to?"

One possible solution is tone at the top. Tone at the top is a key context especially in Sarbanes-Oxley compliance, and setting a positive one, one that shares information clearly and consistently, can help combat this.

Wednesday, July 2, 2008

2008 Report to the Nation is out

The Association of Certified Fraud Examiner's 2008 Report to the Nation on Occupational Fraud & Abuse is out. Not yet available on their website, which is curious.

Every other year, Certified Fraud Examiners submit to the ACFE information on frauds they have investigated. The new report is based on 959 cases that were investigated between January 2006 - February 2008.

Some highlights:
  • Survey participants estimate that U.S. organizations lose 7% of their annual revenues to fraud.
  • The median loss caused by the frauds in the study was $175,000. More than one quarter of the frauds involved losses of at least $1 million.
  • The typical fraud in the study lasted two years from the time it began until the time it was discovered. (I think it was 18 months in the 2006 Report).
  • 27% of cases involved corruptions, and 24% involved fraudulent billing.
  • Financial statement fraud was the most costly category with a median loss of $2 million.
  • Despite increased focus on anti-fraud controls, occupational frauds are much more likely to be detected by a tip than by audits, controls or other means. 46% of the cases were detected by tips from employees, customers, vendors, and other sources.
  • The implementation of anti-fraud controls appears to have a measurable impact on an organization's exposure to fraud. Organizations that conduct surprise audits had a median loss of $70,000, while those that did not had a median loss of $207,000.
  • Small businesses are especially vulnerable to occupational fraud. The median loss suffered by organizations with fewer than 100 employees was $200,000. This was higher than the median loss in any other category, including the largest organizations.
  • Lack of adequate internal controls was most commonly cited as the factor that allowed fraud to occur.
  • Occupational frauds were most often committed by the accounting department or upper management.
  • Occupational fraudsters are generally first-time offenders. Only 7% had prior convictions and only 12% had been previously terminated by an employer for fraud-related conduct.
  • Fraud perpetrators often display behavioral traits that serve as indicators of possible illegal behavior. The most commonly cited behavioral red flags were perpetrators living beyond their apparent means (39% of cases) or experiencing financial difficulties at the time of the frauds (34%).

Bottom line: Fraud continues to be a major drag on the economy (if 7% of revenues are lost to fraud, that is nearly $1 trillion dollars of the United States Gross Domestic Product). Worse yet, many organizations still do not have appropriate fraud defenses in place.

More from the Report in the future.